CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A method comprising: 

measuring a trusted original portion of firmware of a computer system , wherein the 
original portion of firmware comprises a startup portion of at least one of system 
management mode (SMM) firmware code or platform management interrupt (PMI) firmware 
code; 

securely storing the measurement of the trusted original portion of firmware; 

measuring an unqualified current portion of firmware during an operating system 
(OS)-runtime phase of the computer system; 

retrieving the measurement of the trusted original portion of firmware; 

comparing the measurement of the trusted original portion of firmware to the 
measurement of the unqualified current portion of firmware; and 

if the measurements match, executing the current portion of firmware as a trusted 
process. 

2. (Original) The method of claim 1, wherein securely storing the measurement of the 
trusted portion of original firmware comprises storing the measurement in a trusted platform 
module (TPM). 

3. (Original) The method of claim 2, wherein the trusted platform module is embodied 
as a hardware component. 

4. (Original) The method of claim 2, wherein the trusted platform module is embodied 
as a software-based component. 
5. (Original) The method of claim 1, further comprising: 

enforcing a locality-based security mechanism, wherein a processor must be 
operating in at least one of a given locality and a higher locality to retrieve the measurement 
of the trusted portion of firmware. 

6. (Previously Presented) The method of claim 1, wherein measuring the unqualified 
current portion of firmware comprises measuring a current portion of at least one of system 
management mode (SMM) firmware code or platform management interrupt (PMI) firmware 
code. 

7. (Original) The method of claim 1, further comprising performing a core root of trust 
measurement (CRTM). 

8. (Original) The method of claim 7, wherein the CRTM is a static CRTM comprising a 
measurement of a trusted bootable portion of firmware. 

9. (Original) The method of claim 7, wherein the CRTM is a dynamic CRTM measured 
via execution of processor microcode. 

10. (Original) The method of claim 1, further comprising: 

creating a descriptor indicating where the trusted original portion of firmware is 
located. 

11. (Currently Amended) A method, comprising: 

measuring at least one integrity metric corresponding to a trusted portion of an 
original firmware configuration of a computer system, wherein the trusted portion of the 
original firmware configuration includes a startup portion of at least one of system 
management mode (SMM) firmware code or platform management interrupt (PMI) firmware 
code; 

storing a respective measurement corresponding to each of said at least one integrity 
metric in a corresponding platform configuration register (PCR) of a trusted platform 
module (TPM); and 

sealing a secret to the TPM, the secret contained in a digest including the secret 
concatenated with the respective measurement(s) stored in the PCR(s), 

wherein a current firmware configuration includes a portion that matches the trusted 
portion of the original firmware configuration to unseal the secret; 

attempting to unseal the secret sealed to the TPM during an operating system (OS)-
runtime phase of the computer system. 

12. (Original) The method of claim 11, further comprising: 

specifying a locality to be associated with a trusted firmware process; and 
concatenating the locality to the secret and the respective measurement(s) used to form the 
digest stored in the PCR(s). 

13. (Original) The method of claim 11, further comprising: 
asserting a locality corresponding to an execution privilege level; 

storing at least one of the respective measurement(s) in a PCR that may be extended 
if a current execution privilege level matches or exceeds the locality of the execution 
privilege level that is asserted. 

14. (Original) The method of claim 12, wherein the locality is locality 1. 

15. (Original) The method of claim 11, wherein the trusted portion of the original 
firmware configuration includes a trusted boot block. 

16. (Original) The method of claim 15, further comprising: 

measuring the trusted boot block to obtain a core root of trust measurement (CRTM). 

17. (Previously Presented) The method of claim 11, wherein the portion of the firmware 
configuration includes a current portion of at least one of system management mode (SMM) 
firmware code or platform management interrupt (PMI) firmware code. 

18. (Currently Amended) The method of claim 11, further comprising: 
attempting to unseal the secret sealed to the TPM; and 

executing firmware as a trusted process if the secret is unsealed, otherwise executing 
the firmware process as an untrusted process. 

19. (Original) The method of claim 11, wherein the integrity metric is measured by 
executing microcode on a processor. 
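The measure-extend-seal-unseal flow of claims 11 through 18, as an added simulation that is not part of the claims or of any product; it assumes a toy TPM with a resettable PCR, a SHA-256 integrity metric, constructed firmware images, and hypothetical index and locality values, and it shows the runtime trust decision of claim 18 on both a matching and a tampered current region:

```python
import hashlib

# Constructed sample images standing in for an SMM startup region (not real firmware).
ORIGINAL_SMM_STARTUP = b"SMM-startup-code-v1"
TAMPERED_SMM_STARTUP = b"SMM-startup-code-v1+runtime-hook"
PCR_INDEX, LOCALITY_1 = 17, 1  # hypothetical resettable PCR and locality (claim 14)


def measure(firmware: bytes) -> bytes:
    """Integrity metric for a firmware region: its SHA-256 digest."""
    return hashlib.sha256(firmware).digest()


class SimTpm:
    """Toy TPM: PCRs, locality-gated extend, and seal/unseal bound to a PCR."""

    def __init__(self, num_pcrs: int = 24):
        self.pcrs = [bytes(32)] * num_pcrs
        self.sealed = {}

    def extend(self, index, measurement, locality, required_locality=LOCALITY_1):
        # Claim 13: the PCR is extended only from a matching or higher locality.
        if locality < required_locality:
            raise PermissionError("insufficient locality to extend PCR")
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()

    def reset(self, index):
        self.pcrs[index] = bytes(32)  # models a resettable PCR before re-measurement

    def seal(self, name, secret, index, locality):
        # Claims 11/12: digest = secret || PCR measurement || locality.
        digest = hashlib.sha256(secret + self.pcrs[index] + bytes([locality])).digest()
        self.sealed[name] = (secret, index, locality, digest)

    def unseal(self, name):
        # Unseal succeeds only if the current PCR value reproduces the sealed digest.
        secret, index, locality, digest = self.sealed[name]
        now = hashlib.sha256(secret + self.pcrs[index] + bytes([locality])).digest()
        return secret if now == digest else None


def provision(tpm, secret):
    """Pre-boot: measure the trusted original region, extend, then seal (claim 11)."""
    tpm.extend(PCR_INDEX, measure(ORIGINAL_SMM_STARTUP), LOCALITY_1)
    tpm.seal("smm", secret, PCR_INDEX, LOCALITY_1)


def runtime_trust_decision(tpm, current_firmware):
    """OS-runtime: re-measure the current region and attempt unseal (claim 18).
    Returns 'trusted' if the secret unseals, otherwise 'untrusted'."""
    tpm.reset(PCR_INDEX)
    tpm.extend(PCR_INDEX, measure(current_firmware), LOCALITY_1)
    return "trusted" if tpm.unseal("smm") is not None else "untrusted"
```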

20. (Previously Presented) An article of manufacture, comprising: 

a machine-readable medium having instructions stored thereon, which when executed 
perform operations including: 

measuring a trusted portion of an original set of firmware components during a pre- 
boot phase of a computer system; 

storing the measurement of the trusted portion of the original set of firmware 
components in a trusted platform module (TPM) platform configuration register (PCR); 

measuring a portion of a current set of firmware components during an operating 
system (OS)-runtime phase of the computer system; 
determining if the measurement of the portion of the current set of firmware 
components matches the measurement of the portion of the original firmware components; 
and 

providing indicia to a processor to execute the portion of the current set of firmware 
components as a trusted process if the measurements match, 

wherein each of the original and current sets of firmware components correspond to a 
portion of at least one of system management mode (SMM) firmware code or platform 
management interrupt (PMI) firmware code. 

21. (Canceled) 

22. (Canceled) 

23. (Original) The article of manufacture of claim 20, wherein the machine-readable 
medium comprises further instructions to perform the operation of performing a core root of 
trust measurement (CRTM). 

24. (Original) The article of manufacture of claim 20, wherein the machine-readable 
medium comprises further instructions to perform operations including: 

sealing a secret to the TPM, the secret contained in a digest including the secret 
concatenated with the measurement of the trusted portion of the original set of firmware that 
is stored in the PCR. 

25. (Original) The article of manufacture of claim 20, wherein the article comprises a 
flash device. 

26. (Currently Amended) A system comprising: 
a processor, including microcode instructions; 
memory, operatively coupled to the processor; 
a trusted platform module, operatively coupled to the processor; and 
a flash device having firmware instructions stored thereon, which when executed on 
the processor perform operations including: 

retrieving a first measurement stored in the TPM, the first measurement 
comprising a measurement of a trusted portion of the firmware instructions; 

measuring a current portion of firmware instructions during an operating 
system (OS)-runtime phase of the system, the current portion of firmware instructions 
analogous to the trusted portion of the firmware instructions to obtain a second measurement, 
wherein each of the trusted and current portions of firmware instructions correspond to a 
portion of at least one of system management mode (SMM) firmware or platform 
management interrupt (PMI) firmware; 

comparing the first measurement to the second measurement; and 
if the first and second measurements match, programming the microprocessor to 
execute the current portion of firmware instructions as a secure process. 

27. (Original) The system of claim 26, wherein the microcode instructions may be 
executed to perform the operations of generating a dynamic core root of trust measurement 
(CRTM) for the system. 

28. (Original) The system of claim 26, wherein the microcode instructions may be 
executed to perform operations including: 

measuring the trusted portion of the firmware instructions to produce the first 
measurement; and 
storing the first measurement in a platform configuration register (PCR) of the TPM. 

29. (Canceled) 

30. (Canceled) 